<?php
	session_start();
	require_once("db.php");
	if(connect_db()){
		// username and password sent from form
		$myusername=$_POST['login_username'];
		$mypassword=$_POST['login_password'];

		// To protect MySQL injection (more detail about MySQL injection)
		$myusername = stripslashes($myusername);
		$mypassword = stripslashes($mypassword);
		$myusername = mysql_real_escape_string($myusername);
		$mypassword = mysql_real_escape_string($mypassword);
		$tbl_name="pengguna"; // Table name

		$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
		$results=mysql_query($sql);

		// Mysql_num_row is counting table row
		$count=mysql_num_rows($results);
		// If result matched $myusername and $mypassword, table row must be 1 row

		if($count==1){
			// Register $myusername, $mypassword and redirect to file "login_success.php"
			$_SESSION['login_username'] = $myusername;
			$_SESSION['login_password'] = $mypassword;
                        $result = mysql_fetch_array($results);
                        $_SESSION['login_avatar'] = $result['avatar'];
                        $_SESSION['login_email'] = $result['email'];
                        $_SESSION['login_birthdate'] = $result['tgllahir'];
                        $_SESSION['login_fullname'] = $result['fullname'];
                        $_SESSION['login_sex'] = $result['gender'];
                        $_SESSION['login_aboutme'] = $result['aboutme'];
			echo '1';
		}
		else {
			echo '0';
		}
	}
?>
